In this episode, Allan is joined by the CISO at Orca Security, Andy Ellis, to share his thoughts on board reporting metrics. What does the board need to know from a cybersecurity perspective? One of the questions is often: “Are we secure?” Is that even the right question? How much should you talk about compliance? Do you speak of IT assets? What about speaking to specific controls? Listen to this episode to hear the common questions posed by the board and how to answer them with metrics. In some cases, it is teaching them to ask different questions. This episode is a master class in board communication in cybersecurity, and the conversation went into such depth that a Part 2 is already being planned.